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[57] ABSTRACT 

A method and system for authenticating access to hetero- 
geneous computing services is provided. In a preferred 
embodiment, logon providers are configured into the com- 
puter system, which provide secure access to their services 
by requiring authentication of user identification informa- 
tion using a logon mechanism. According to this 
embodiment, a user designates a primary logon provider to 
provide an initial logon user interface. The user enters 
identification information when this user interface is 
displayed, for example a user name, a password and a 
domain. The computer system executes a logon sequence, 
which first invokes the primary logon provider to collect 
identification information and to authenticate the user for 
access to services provided by the primary logon provider. 
The system then authenticates the collected identification 
information to provide the user access to operating system 
computer services. If the system logon authentication pro- 
cedure is not successful, then the logon sequence displays its 
own user interface to collect additional identification infor- 
mation. The logon sequence then invokes the logon routines 
of other logon providers to enable them to authenticate 
already collected identification information without display- 
ing additional user interfaces. A preferred embodiment 
enables the system logon sequence to use authentication 
information stored on a network to authenticate the user for 
access to local computing services. Also, logon providers 
can be provided for drivers other than network drivers when 
a logon mechanism is required to access their computing 
services. Further, using a primary logon provider, the initial 
logon user interface displayed to collect identification infor- 
mation can be replaced. 

50 Claims, 8 Drawing Sheets 
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METHOD AND SYSTEM FOR 
AUTHENTICATING ACCESS TO 
HETEROGENEOUS COMPUTING SERVICES 

TECHNICAL FIELD 

The present invention relates generally to a computer 
system for authenticating access to computing services and, 
more specifically, to a method and system for authenticating 
access to multiple heterogeneous resources while immuniz- 
ing the number of user interactions. 

BACKGROUND OF THE INVENTION 

In a networked computing environment, it is typical for 
multiple computer systems to be connected together through 
a physical communications link, which comprises the net- 
work. Typically, each computer system (node) that desires to 
use the services of another computer system (node) acts as 
a client node. A client node contains hardware for connect- 
ing to the network and a collection of software components 
for communicating with the hardware to access network 
services and for providing higher level network services. 
This collection of software components is collectively 
referred to as a network driver for convenience, even though 
the collection actually may comprise several drivers and 
other modules such as protocols and redirectors. Some 
network drivers provide a degree of security before they 
allow a program or user to access the services provided by 
the network. It is typical in these more secure environments 
for network drivers to require a user to "logon" to the 
network for the network driver to allow access to the 
network services it provides. The logon mechanism typi- 
cally involves displaying some kind of user interface (e.g., 
a dialog window) and requires the user to enter identification 
information such as a user name and a password. Hie 
network driver then performs an authentication procedure 
for validating the entered identification information against 
known information to verify that the user is permitted to 
access the network services. The validation process may 
involve directly comparing the information or comparing 
by-products of the information using well-known encryption 
and decryption techniques. For example, the network driver 
may store passwords for each user that is allowed to access 
the network. During the authentication procedure, the net- 
work driver compares the entered password for that user 
name with the previously stored password information by 
using the entered password to encrypt a randomly agreed 
number. When a match occurs, the network driver permits 
access to the network services. Typically, a separate logon 
mechanism is required by each network driver and by the 
computer system (the local node) to gain access to the local 
computing services when a secure local environment is 
maintained. 

SUMMARY OF THE INVENTION 

The limitations of prior systems are overcome by the 
present invention, which is an improved method and system 
for authenticating access to heterogeneous computing ser- 
vices. In a preferred embodiment, a driver is designated as 
the primary logon provider, which provides an initial user 
interface for a sequence of logon interactions. When the 
computer system is powered up, and at other times when 
logon is desired, the primary logon provider is invoked and 
attempts to collect and authenticate identification informa- 
tion for access to the computing services it provides. When 
the driver serving as the primary logon provider successfully 
authenticates the collected identification information, the 
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computer system attempts to authenticate the same identi- 
fication information for access to system computing services 
without displaying additional user interfaces. 
In one embodiment, the primary logon provider is a 

5 network driver, which provides access to network services. 
Once identification information has been collected and 
authenticated by this network driver, the local computer 
system has access to the network services provided by the 
network driver designated as the primary logon provider. 

10 The local computer system can then use the same identifi- 
cation information to authenticate access to local computing 
services. 

In another embodiment, multiple logon providers are 
present in the computer system, each of which has its own 

15 authentication mechanism. In this embodiment, each logon 
provider other than the primary logon provider attempts to 
authenticate the identification information collected by the 
primary logon provider without displaying additional user 
interfaces for collecting additional identification data. 

In yet another embodiment, the primary logon provider 
determines whether it is actively connected to the physical 
device or pseudo-device for which it provides services. 
When the primary logon provider determines that it is not 

^ actively connected, the primary logon provider avoids user 
interaction by not displaying its logon user interface. The 
authentication code of the computer operating system then 
displays its own user interface to collect identification 
information for authenticating access to system services. 

30 In yet another embodiment, multiple logon providers are 
present in the computer system, each of which determines 
whether it is actively connected to the physical device or 
pseudo-device for which it provides services. When it deter- 
' mines that it is not actively connected, the provider avoids 

35 user interaction by not displaying its logon user interface. 
In yet another embodiment, each logon provider is a 
network driver that is connected to a different 
(heterogeneous) network. Each network driver attempts to 
utilize the identification information collected by the pri- 

40 mary logon provider to authenticate access to its own 
network without displaying another user interface. 

In yet another embodiment, a user can control the logon 
user interface presented by a computer system by designat- 
ing which logon provider is to serve as the primary logon 

45 provider. 

In yet another embodiment, system authentication infor- 
mation is stored on a different network node other than the 
local computer system The primary logon provider provides 
access to this system authentication information. Once a 

50 user has completed the logon mechanism to gain access to 
the network services provided by the primary logon 
provider, the local computer system has access to the system 
authentication information stored on the different network 
node. The local computer system logon mechanism uses this 

55 system authentication information to authenticate the col- 
lected identification information for access to local system 
services. 

BRIEF DESCRIPTION OF THE DRAWINGS 

60 

FIG. 1 is an example network configuration dialog for 
designating a primary logon driver. 

FIG. 2 is an example screen display of the Windows 
operating system logon user interface. 
65 FIG. 3 is an example screen display of a logon dialog of 
a network client driver serving as the primary logon pro- 
vider. 
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FIG. 4 is a block diagram of a general purpose computer 
for practicing preferred embodiments of the present inven- 
tion. 

FIG. 5 is a block diagram of the software architecture of 
the present invention implemented in a network environ- 
ment 

FIG. 6 is an overview flow diagram of the steps performed 
by the Multiple Provider Router code to authenticate iden- 
tification information for access to the local computer sys- 
tem and to the current configured networks. 

FIG. 7 is a detailed flow diagram of the logon sequence 
provided by a preferred embodiment of the MPR code. 

FIG. 8 is a flow diagram of an example logon routine 
implemented by a logon provider. 

DETAILED DESCRIPTION OF THE 
INVENTION 

Embodiments of the present invention provide methods 
and systems for authenticating access to heterogeneous 
computing services using a single user interface. According 
to the present invention, a user designates a driver to serve 
as a primary logon provider by means of a configuration 
dialog. For the purposes of this invention, a driver is any 
software code that provides a published or known set of 
routines for accessing a set of services. For example, a 
device driver that provides access to a disk drive (a device) 
is a driver, as is database code that provides access to a 
database (a pseudo-device). When the computer system is 
powered on, or at other system initialization times, the 
computer system invokes a logon mechanism to enable the 
user to gain access to different computing services, each of 
which require authentication of identification information to 
validate the user for authorized access to the services pro- 
vided. Each driver that supports a logon mechanism and 
requires authentication for access to its services is referred 
to as a logon provider. According to the present invention, 
the logon mechanism invokes the designated primary logon 
provider to display a user interface for collecting identifi- 
cation information such as a user name, a password and an 
entity to validate against such as a domain name. Once the 
user enters the user's identification information, the primary 
logon provider authenticates this information using its own 
authentication procedure. Subsequently, the logon mecha- 
nism attempts to authenticate the already entered identifi- 
cation information for access to other computer system 
services without displaying additional user interfaces. Next, 
for each additional logon provider configured into the 
system, the computer system invokes that driver passing the 
identification information already collected. Each additional 
logon provider is then responsible for authenticating this 
same information for access to its services and attempts to 
do so without displaying an additional user interface. In this 
manner, the number of times a user is prompted to enter 
logon identification information is minimized. 

Although the present invention is discussed below spe- 
cifically with reference to network drivers, one skilled in the 
art will appreciate that the present invention is useful in 
other contexts as well, such as for other drivers that require 
logon authentication for access to their services. One 
example of such a driver is a database driver that provides 
secure access to its databases. Another example is an elec- 
tronic mail server that provides secure access to a mail 
system (whether or not the computer is connected to a 
network). The mail system and databases are considered, 
**pseudo-devices" because they are being treated like physi- 
cal devices, with access to them controlled by their drivers. 
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Embodiments of the present invention also provide a 
mechanism for displaying the user interface of the primary 
logon provider only when the driver is actively or success- 
fully connected to the device (or pseudo-device) it services. 

5 The notion of an active or successful connection is driver 
defined. For example, in a networking environment where a 
portable computer may or may not be currently physically 
connected to a network, a logon user interface would only be 
displayed when the computer system is physically connected 

10 to the network. This mechanism prevents a user from being 
confronted with multiple user interfaces simply because the 
computer system is not currently connected to a device or 
because the connection has failed for some other reason. 
Otherwise, the user would be needlessly confronted with a 

15 user interface even when no access to the device is possible 
or when the access would fail or not make sense. 

FIG. 1 is an example configuration dialog for designating 
a primary logon provider in a network environment. The 
network configuration dialog 100 contains a property sheet 

20 101 for configuring various network components. The list 
box 102 shows the network components that are currently 
installed in the computer system. The add button 104 allows 
a user to add four types of network components, including 
the following components: client drivers (network software 

25 drivers) that enable the computer to connect to other com- 
puters via the network services supplied by the client driver 
(e.g., Banyan VINES, Netware, and Client for Microsoft 
Networks); adapters, which are software modules that cor- 
respond to various hardware devices that physically connect 

30 the computer to the network (e.g., IBM TokenRing, 
Microsoft DialupAdapter, or Racal ES3210 EISA); 
protocols, which are language modules the computer uses to 
communicate over the network (e.g., the Banyan VINES 
protocol, Microsoft NetBEUI, or Microsoft TCP/IP); and 

35 services, which are software modules that enable other 
computers on a network to share folders, printers, and other 
resources residing on this computer. Once the user has 
installed the desired network components, a list of config- 
ured network client drivers is provided in Primary Network 

40 Logon list box 103. The user selects a primary network 
provider by selecting one of the client drivers from this list 
box. As shown, the list box 103 contains two different client 
drivers: the Banyan VINES driver and the Client for 
Microsoft Networks driver. In addition, the list box 103 

45 contains an entry for the Windows Logon code. The Win- 
dows Logon code refers to the authentication code provided 
by the Windows operating system for validating access to 
local computing services (e.g., access to the local 
"desktop"). The Windows Logon code entry allows a user to 

so select the authentication code provided by the Windows 
operating system as the primary logon provider instead of a 
network driver. The driver selected as the primary network 
provider is the driver responsible for displaying an initial 
user interface to collect the user identification information, 

55 such as a user name, a password and a domain name. When 
the Windows Logon entry is selected from the list box 103 
as the rrimary logon provider, the Windows operating 
system will supply its own user interface as the initial logon 
user interface. 

60 FIG. 2 is an example screen display of the Windows 
operating system logon user interface. The dialog box shown 
in FIG. 2 is displayed when the user powers up the computer 
system, or at other times when logon is appropriate, and has 
previously selected the Windows Logon entry from the list 

65 box 103 (shown in FIG. 1) as the primary logon provider. 
Dialog box 201 contains two fields for entering identifica- 
tion information to the computer system. A user name field 
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202 is provided to enable a user to enter a user identification Also, embodiments of the present invention minimize the 

sequence, e.g., a set of letters, numbers and other characters. number of user interface interactions when the computer 

A password field 203 is provided to enable the user whose system is not actively or successfully connected to devices 

user name is displayed in the user name field 202 to enter an or pseudo-devices, but is configured to support them. For 

access code. This access code ensures secure access to the 5 example, if the user has selected from list box 103 in FIG. 

computer system. That is. unless the user enters the "correct" 1 a network client driver as the primary logon provider, but 

password in the password field 203. the user is denied access the computer system is not currently connected to the 

to certain capabuities within the Windows operating system, corresponding network or the connection has somehow 

Once the user enters identification information and failed, embodiments of the present invention will display the 

presses the OK button 204, the Windows operating system 10 uscr interface corresponding to the Windows Logon code (a 

authenticates the collected information. This authentication dialog similar to mat shown in FIG. 2) or that of another 

procedure involves checking whether the password entered logon provider instead of displaying the user interface of the 

in the password field 203 is a valid password for the user designated primary logon provider, 

name entered in the user name field 202. If the password is In preferred embodiments, the methods and systems of 

valid for the specified user name, then the authentication is xs the present invention are implemented on a computer system 

successful. One skilled in the art will recognize that there are comprising a central processing unit, a display, a memory, 

many ways to store information regarding which passwords and input/output devices. Preferred embodiments are 

are valid for which user names. For example, a simple text designed to operate in an operating system environment 

file stored under an unpublicized name can be used. such as the Microsoft Windows environment defined by 

Alternatively, a secure file itself protected by a password can 2 o Microsoft Corporation in Redmond, Wash. One skilled in 

be used. Other implementations are possible. the art will also recognize that embodiments of the present 

If. instead of selecting the Windows Logon code as the invention can be practiced in other operating system envi- 

primary logon provider, the user had selected a network ronments. 

client driver from the list box 103 in FIG. 1, then the logon FIG. 4 is a block diagram of a general purpose computer 

user interface for that particular network driver is displayed 25 f° r practicing preferred embodiments of the present inven- 

when the user powers up the computer system or at subse- tion. The computer system 400 contains a central processing 

quent times when logon is desired, FIG. 3 is an example unit (CPU) 401, a display screen (display) 404, input/output 

screen display of a logon dialog of a network client driver devices 403, and a computer memory (memory) 402. The 

serving as the primary logon provider. Dialog box 301 is a network drivers, as well as the. operating system code for 

driver-specific dialog provided by the Client for Microsoft 30 producing the logon user interface shown in FIG. 2, pref- 

Networks client driver. This driver is displayed as the erably reside in the memory 402 and execute on at least one 

currently selected primary logon provider in list box 103 of CPU such as the CPU 401. The operating system code for 

FIG. 1. One skilled in the art will recognize that other controlling the initialization of the various network connec- 

methods for providing a logon user interface are possible, as tions when the computer system is powered on is shown as 

well as other user interfaces other than dialog boxes. For 35 the Multiple Provider Router 406 ("MPR") executing in the 

example, a resource file or an API could be provided by the memory 402. Two network drivers are shown as driver / 407 

underlying operating system and made available to the and driver, 408. These network drivers are invoked by the 

various client network drivers to be used for building their MPR 406 to authenticate access to the network services 

logon user interfaces. In FIG. 3, dialog window 301 contains provided by the drivers. The input/output devices 403 is 

three identification information fields. User name field 302 40 shown containing two network connections 409 and*410 

is an edit field for entering the user's identity. Password field and storage device 411. 

303 is an edit field for entering a password corresponding to The two network connections 409 and 410 are present to 

the user name displayed in field 302. Domain field 304 is an illustrate that preferred embodiments are operative in an 

edit field which determines the authenticating authority that environment where the computer system is connected to one 

is to validate the password entered in field 303. The entries 45 or more networks and that these networks may be hetero- 

in the user name and password fields are authenticated to geneous. One skilled in the art will appreciate that the 

provide secure access to the network services provided by methods of the present invention may be practiced on 

the particular network client driver that is currently display- processing systems with varying architectures, including 

ing the dialog (in this case, the client for Microsoft Networks multi-processor environments, and on systems with hard 

driver services). 50 wired logic. Also, one skilled in the art will realize that the 

In prior systems, if a computer system was connected to present invention can be implemented in a stand-alone 

several different networks via different network client environment where other types of drivers are used to support 

drivers, then the user would be confronted with a separate secure access to the computing services provided, 

logon user interface for each network to which the user In one aspect of the invention, a preferred embodiment 

attempted access. Embodiments of the present invention 55 provides several application programming interfaces 

provide a mechanism for enabling a user to choose which ("APIs", or sets of routines) for carrying out the methods of 

logon user interface is initially displayed and for minimizing the present invention. FIG. 5 is a block diagram of the 

the number of user interface interactions required when a software architecture of the present invention implemented 

computer system is connected to multiple heterogeneous in a network environment. FIG. 5 shows two programs 501 

networks (different types of networks, such as Banyan 60 and 502 (e.g., application programs), a multiple provider 

VINES or Netware). Heterogeneous networks typically use router dynamic link library ("DLL") 503, and three network 

different protocols to communicate between the computer drivers 504. 505, and 506 as might reside in the memory 402 

systems connected by the network and typically provide of the computer system 400 shown in FIG. 4. The multiple 

their own logon and authentication mechanisms. Thus, with- provider router DLL 503 stores the code for the multiple 

out a mechanism to control the flow of user interface 65 provider router ("MPR"), which is implemented by the local 

interactions, the user would typically be confronted with computer operating system. The MPR code implements a set 

many different and potentially confusing user interfaces. of network APIs, which are network independent and can be 
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used by programs 501 and 502 to communicate with the FIG. 7 is a detailed flow diagram of the logon sequence 

various network drivers presently configured on the com- provided by a preferred embodiment of the MPR code. In 

puter system These network APIs enable programs 501 and steps 701-706, the MPR code invokes the primary logon 

502 to communicate over the various connected networks provider's logon code to collect identification information 

without requiring specific knowledge regarding the capa- 5 and to authenticate it for access to the services provided by 

bilities or the prograniming interfaces of the networks. Hie the primary logon provider. These steps correspond to step 

MPR code 503 routes a program's request received through 601 of FIG. 6. Steps 707-711 perform local system logon 

the network APIs to the various configured network drivers procedure and correspond to steps 602-604 of FIG. 6. Steps 

by calling routines defined in a Network Service Provider 712-715 invoke the other configured logon providers to 

Interface ("SET). (Recall that "network drivers" refers authenticate access to their services. These steps correspond 

generically to the set of software components that provide t0 stC p ^ 0 f pjQ $ 

access to the network and other network services.) The SPI c m ^j«^ii« „L» tai +u a \*t>t> „~a~ :™ :„:woi 

- Jfi tL * Specifically, in step 701 the MPR code determines initial 
is a programming interface defined by the operating system t * / -j L .j • * ^ m. t_ 
and implemented by the various network drivers thatdesire ^ fo ' me identification infoimauo* These may be 
to be invoked by the MPR code 503. The operating system d u cfa f values or values Piously saved from tiie hist : tone 
defines the SPI to enable the MPR code 503 to communicate * 5 th * lo & on «eqoence was executed. In step 702, the MPR 
with various types of network drivers without having to code determines whether a primary logon provider has been 
understand the particular nuances of each individual net- designated other than the system logon code (shown as the 
work driver. Thus, Network Driver A , Network Driver*, and "Windows Logon" code entry in FIG. 1). If such a primary 
Network Driver, 504, 505, and 506 all provide an imple- logon provider exists, then the MPR code continues in step 
mentation of the SPI routines that can be called by the MPR 20 703, else continues in step 707. In step 703, the MPR code 
code 503 to communicate over Network A, Network B, and calls the primary logon provider's logon routine to collect 
Network i. identification information, which is typically a user name, a 
One of the routines defined as part of the Network Service password and a domain. The initial identification inf orma- 
Provider Interface is a logon routine. This routine is invoked tion is passed to the primary logon provider so that the 
by the MPR code 503, in an order to be described, to 25 primary logon provider can use the information as needed, 
authenticate identification information for access to the for example, to prefill the fields of the logon dialog box 
networks currently configured in the computer system FIG. shown in FIG. 3. A preferred embodiment of the logon 
6 is an overview flow diagram of the steps performed by the routine defined in the SH is discussed in detail with refer- 
Multiple Provider Router code to authenticate identification ence to FIG. 8. In step 704, the MPR code determines 
information for access to the local computer system and to 30 whether the invoked logon routine returned a cancellation 
the current configured networks. The logon sequence shown status and, if so, returns, otherwise continues in step 705. 
in FIG. 6 uses a designated primary logon provider to collect (The invoked logon routine would return a cancellation 
identification information, authenticates this identification status if, for example, the user pressed the cancel button in 
information for access to local computing services without dialog box 301 in FIG. 3.) In step 705, the MPR code 
displaying an additional interface and then invokes the logon 35 determines whether the invoked logon routine has returned 
routines provided by the SPI implementations of the other a status that indicates that the primary logon provider is 
network drivers currently configured in the computer sys- actively (and successfully) connected to a device (or pseudo- 
tern. Specifically, in step 601, the MPR code invokes the device) and, if so, continues in step 706, else continues in 
logon routine of the designated primary, logon provider step 707. In step 706, the MPR code sets the current 
(driver). As will be discussed with reference to FIG. 8, the 40 identification information to the values returned by the 
primary logon provider, if it is actively and successfully primary logon provider's logon routine. Otherwise, when 
connected to a network device, displays its logon user the logon user interface of the primary logon provider was 
interface to collect identification information and then not displayed because the primary logon provider was not 
authenticates that information. In step 602, the MPR code connected successfully to its corresponding device or when 
attempts local system authentication of the identification 45 the primary logon provider is the system logon code, the 
information collected at step 601 to validate the user for current identification values used are the initial identification 
access to computing resources protected by the operating information set in step 701. 

system. In step 603, me MPR code determines whether local Steps 707-711 perform local system logon using the 
system authentication was successful and, if so, continues at system logon code. In step 707, the MPR code attempts to 
step 605, else continues in step 604. In step 604, the MPR 50 "logon" to the local system (local system authentication) 
code determines that it must display its own logon user using either the initial identification information set in step 
interface to collect additional identification information and 701 or the identification information collected by the pri- 
returns to step 602 to reattempt local system authentication. mary logon provider in step 703 (or the information col- 
Otherwise, in step 605, the MPR code invokes the logon lected by the system logon code in step 709, as is discussed 
routines of the other network drivers currently configured 55 below). The local system logon mechanism involves authen- 
using the previously collected identification information, ticating the passed identification information for access to 
and returns. The logon routines of the other network drivers whatever computing services the operating system is pro- 
may be invoked serially, concurrently, or in any order. One tec ting. For example, the local computer system may main- 
skilled in the art will recognize that the previously collected tain a user profile file that is protected by a password and 
information provided to the logon routines of the other 60 cannot be accessed by application programs until it is 
network drivers can be either the identification information Unlocked" by the local system logon code. In step 708, the 
collected by the primary logon provider in step 601 or the MPR code determines whether the local system authentica- 
identification information collected for the purposes of local tion was successful and, if so, continues in step 712, else 
system authentication in step 604. Alternatively, default continues in step 709. In step 709, since the authentication 
identification information could be provided instead of or in 65 using the previously collected identification information was 
addition to the previously collected identification informa- not successful, the MPR code displays its own logon user 
tion. interface to collect additional identification information. In 
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step 710, the MPR code determines whether the user can- routine determines whether the user has already logged on 

celed out of this user interface and, if so, continues in step and, if so, returns a successful status, else continues in step 

711, else returns to step 707 to reattempt local system 803. In step 803, the logon routine determines whether it is 
authentication with the newly collected identification infor- being called as the primary logon provider's logon routine 
mation. Local system authentication is thus reattempted 5 and. if so, continues in step 807, else continues in step 804. 
until either the user cancels out of the user interface or In step 804, when the logon routine is invoked as a supple- 
authentication is successful. In step 711, if the user has mental logon provider routine, the logon routine determines 
canceled out of the system logon user interface and if this is whether a password has been cached for its services and, if 
the first logon user interface displayed to the user, then the so, continues in step 806, else continues in step 805. 
MPR code returns because no services are available. (If the 10 Passwords are cached, for example, when a network driver 
system logon user interface is the first logon user interface asks the user whether it should remember a previously 
displayed, then either a primary logon provider other than entered password for future invocations to avoid prompting 
the system logon code was not designated or the primary the user again. In step 806, if a password has been cached, 
logon provider is not actively or successfully connected.) then this cached password is used in step 809. Otherwise, if 
Otherwise, even though the identification information has 15 no password has been cached, the logon provider will use 
not been authenticated for local system computing service identification information (user name and password) sup- 
access, other services (such as network services) are poten- plied in an input parameter to the logon routine as shown in 
dally available, and thus the MPR code continues in step step 805. The logon routine then continues in step 809. If, in 

712, step 803, the logon routine instead determines that it has 
In steps 712-714, the MPR code loops through a list of 2 o Dee n invoked as the primary logon provider's logon routine, 

logon providers invoking their logon routines to enable them then in step 807 the logon routine displays its logon user 

to perform their authentication procedures. Specifically, in interface. In step 808, the logon routine determines whether 

step 712. the MPR code gets the next logon provider from the user canceled out of this user interface and, if so, returns 

the list of configured logon providers (e.g., list box 103 in with a status of cancellation, else continues in step 809. 
FIG. 1) skipping over the designated primary logon pro- 25 In step 809, the logon routine authenticates the identifi- 

vider. In step 713, the MPR code determines whether there cation information either collected from the logon code's 

is another logon provider on the list to process and, if so, user interface in step 807, from the identification informa- 

continues in step 714, otherwise continues in step 715. In tion supplied in an input parameter in step 805, or from the 

step 714, the MPR code calls the logon routine of the password cache as described in step 806. The authentication 

currently selected logon provider from the list. One skilled 3 q procedure is specific to each logon provider and may be as 

in the art will realize that, although the loop of steps simple as validating the collected information against a 

712-714 is shown to invoke the other logon providers password file. The authentication procedure authorizes 

serially in a sequence, other implementations are possible access to whatever services are provided by that particular 

and might provide efficiency benefits on other architectures. logon provider. In step 810, the logon routine determines 

For example, the additional logon providers' logon routines 35 whether the authentication procedure was successful and, if 

may be invoked concurrently. Alternatively, there may be a so, continues in step 811, else returns to step 807 to display 

static or dynamic ordering of the providers or a mixture of a logon user interface to collect additional identification 

serial and concurrent invocation. For example, the providers information in order to reattempt the authentication proce- 

may each have an associated priority and the list of providers dure. The authentication procedure is reattempted until 

ordered and invoked according to these priorities. In step 40 either the authentication is successful or until the user 

715, the MPR code sets the default identification informa- cancels out of the user interface. In step 811, the logon 

tion to the current identification information to be used the routine determines whether it is invoked as the primary 

next time the MPR logon sequence is invoked, and returns. logon provider's logon routine and, if so, continues in step 

FIG. 8 is a flow diagram of an example logon routine 812, else returns with a successful status. In step 812, the 

implemented by a logon provider. This figure illustrates a 45 routine sets an output parameter to indicate the collected and 

preferred implementation of the logon routine defined in the authenticated identification information and returns a suc- 

Network Service Provider Interface ("SPI") shown in FIG. cessful status. 

6. Any logon provider that implements the logon routine One security issue that surfaces with the embodiment 
defined in the SPI can be designated as a primary logon discussed with reference to FIGS. 7 and 8 is that any code 
provider, as was discussed with reference to FIG. 1. Differ- 50 that is able to install itself as a logon provider will be passed 
ent behaviors are provided by the logon routine with respect the user's identification information by the MPR logon 
to displaying a logon user interface based upon whether the sequence. Thus, code could be installed to store the passed 
logon routine is called as the primary logon provider's logon identification information and to use it for unauthorized 
routine or whether it is called as a supplemental logon purposes. One skilled in the art will recognize that there are 
provider's logon routine. In summary, the logon routine 55 different mechanisms available for preventing such 
determines whether it should display a logon user interface unwanted behavior. In one embodiment, the operating sys- 
to collect identification information, displays the logon user tern verifies that each logon provider is a legitimate (or 
interface when needed, authenticates the collected identifi- known) logon provider. This verification of the logon pro- 
cation information, and returns the authenticated identifica- viders can be done at load time, at configuration time, or at 
tion information to the MPR code logon sequence shown in 60 some other time such as right before identification informa- 
PIG. 7. tion is passed. One such verification technique is to use 
Specifically, in step 801, the logon routine determines digital signature techniques, such as those described in 
whether the logon provider is currently connected to its Schneier, B., Applied Cryptography, Wiley & Sons, Inc., 
corresponding device (or pseudo-device) and the connection N.Y., 1994. According to this embodiment, the logon pro- 
has not failed and, if so, continues in step 802, else returns 65 viders are passed identification information only after the 
with a status indicating that no connection is available (or logon providers have been previously verified by the oper- 
the connection has otherwise failed). In step 802, the logon ating system. 
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The preferred embodiments discussed are also applicable 
to logon providers that are not network drivers. One skilled 
in the art will recognize that any code that supports a logon 
routine as described with reference to FIG. 8 can be con- 
figured as a logon provider. For example, if code is provided 
in a DLL that provides a secure front end to a database and 
supports the logon routine discussed with reference to FIG. 
8. then the MPR logon sequence discussed with reference to 
FIGS. 6 and 7 can invoke the logon routine when the DLL 
code is designated as the primary logon provider. Also, the 
MPR logon sequence can invoke a non-network logon 
provider's logon routine as a supplemental logon provider in 
step 605 of FIG. 6 and steps 711-713 of FIG. 7. Thus, the 
user interface for logon to an entire computer system 
(whether connected or not to a network) can be replaced by 
providing logon provider code with a logon routine con- 
forming to the SPI definition discussed with reference to 
FIG. 8. 

One skilled in the art will also recognize that other 
embodiments for replacing the computer system logon user 
interface are possible. For example, in another network 
environment, the code to provide network services (the 
network driver code) can be separate from the code used to 
display a logon user interface and to authenticate the user for 
access to the computer system. Specifically, a separate code 
module, which is invoked whenever logon is performed, is 
provided to implement the initial (system) logon and authen- 
tication procedure for the computer system that is invoked 
during power up. In this embodiment, the user interface for 
system logon is replaced by linking in the desired logon user 30 
interface (e.g., at run time). For example, the code module 
with the desired logon user interface can be copied into or 
renamed as the logon and authentication module. According 
to this embodiment, the MPR code links in the appropriate 
logon user interface module to provide the initial user 
interface for collecting the identification information instead 
of invoking a network driver as the primary logon provider. 
Using this alternative embodiment, each network driver is 
independent of the user interface used to authenticate access 
to a network or to the computer system. Once access has 
been granted, the identification information can be passed on 
to the other network drivers as indicated in FIGS. 6 and 7. 

As an example of this alternative embodiment, a logon 
user interface that provides card reader access to the com- 
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intended that the invention be limited to such embodiments. 
Modifications within the spirit of the invention will be 
apparent to those skilled in the art. The scope of the present 
invention is defined by the claims which follow. 
What is claimed is: 

1. A method in a computer system network environment 
for authenticating access to computing services, the com- 
puter system network environment having a local computer 
system that can be connected to multiple heterogeneous 
networks, the local computer system having local authenti- 
cation code to access local computer system services, the 
method comprising the computer-implemented steps of: 

deteniiining a primary logon driver, the primary logon 
driver for providing access to a first network and 
having a user interface with components for collecting 
identification information for the primary logon driver, 
invoking the primary logon driver; 
under control of the primary logon driver, 
invoking the user interface of the primary logon driver 

when needed; 
in response to receiving identification information 
through the user interface components, authenticat- 
ing the received identification information to allow 
access to the first network; and 
indicating the authenticated identification information 
to the local authentication code; 
under control of the local authentication code, authenti- 
cating the indicated identification information to allow 
access to the local computer system services; 
determining a supplemental logon driver for providing 

access to a second network; 
invoking the determined supplemental logon driver; and 
under control of the invoked supplemental logon driver, 
authenticating previously provided identification infor- 
mation to allow access to the second network. 

2. The method of claim 1 wherein the step of authenti- 
cating the indicated identification information to allow 
access to the local computer system services is performed 
without invoking another user interface. 

3. The method of claim 1 wherein the step of, under 
control of the primary logon driver, invoking the user 
interface is only performed when the primary logon driver is 
actively connected to the first network. 

4. The method of claim 1 wherein the step of, under 



puter system could replace the standard operating system 45 control of the primary logon driver, invoking the user 



logon dialog shown in FIG. 2. A third party developer could 
provide such a replacement interface by coding a separate 
DLL which is then linked appropriately into the MPR code. 
A card reader user interface may provide additional security 
by requiring an intended user to enter a personal identifica- 
tion number. 

The preferred embodiment discussed with reference to 
FIGS. 6-8 can also be used to provide a local computer 
system access to a network during the local system logon 
process. This capability is useful, for example, when user 
profiles (information specific to a user) are stored on a server 
node on the network and the user profile information is 
needed to authenticate the user for access to the local 
computer system. Such an architecture might be useful to 
enable a network system administrator to control which 
users have access to which systems. According to this 
embodiment, once the MPR code has invoked (successfully) 
the primary logon provider's logon routine, the MPR code 
can then access files on the network accessible through the 
primary logon provider. 

Although the present invention has been disclosed and 
described in terms of preferred embodiments, it is not 
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interface is performed when the primary logon driver estab- 
lishes that it can access resources in order to perform the step 
of authenticating. 

5. The method of claim 1 wherein the step of, under 
control of the invoked supplemental logon driver, authenti- 
cating previously provided identification information is per- 
formed using the identification information authenticated by 
the primary logon driver. 

6. The method of claim 1 wherein the step of, under 
control of the invoked supplemental logon driver, authenti- 
cating previously provided identification information is per- 
formed using the identification information authenticated by 
the local authentication code. 

7. The method of claim 1 wherein the step of, under 
60 control of the invoked supplemental logon driver, authenti- 
cating previously provided identification information is per- 
formed without invoking another user interface. 

8. The method of claim 1 wherein the step of tetermining 
the primary logon driver is performed under the control of 
a user. 

9. The method of claim 1 wherein the user interface of the 
primary logon driver is supplied by the primary logon driver. 



65 
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10. A method in a computer system for authenticating 
access to local system services, the computer system having 
system authentication code to secure access to the local 
system services, the method comprising the computer- 
implemented steps of: 

selecting one of a plurality of logon providers as a primary 
logon provider, the primary logon provider for provid- 
ing access to provider services and having a user 
interface with components for collecting identification 
information; 

invoking the user interface of the primary logon provider 
when needed; 

under control of the primary logon provider and in 
response to receiving identification information 
through the user interface components or using pro- 
vided authentication information, authenticating the 
received or provided identification information to allow 
access to the provider services and indicating the 
received or provided information to the system authen- 
tication code; and 

under control of the system authentication code, authen- 
ticating the indicated received or provided identifica- 
tion information to allow access to the local system 
services. 

11. The method of claim 10 wherein the user interface of 
the primary logon provider is supplied by the primary logon 
provider thereby enabling replacement of the user interface. 

12. The method of claim 10 wherein the primary logon 
provider is a network driver and the step of authenticating 
the received or provided identification information to allow 
access to the provider services provides access to a network 
when the authentication is successful. 

13. The method of claim 10 wherein the step of authen- 
ticating the indicated received or provided identification 
information to allow access to the local system services 
includes the substep of invoking a second user interface for 
receiving identification information that is different from the 
first user interface, when the step of authenticating the 
received or provided identification information to allow 
access to the provider services is not successful 

14. The method of claim 10 wherein the step of authen- 
ticating the received or provided identification information 
to allow access to the provider services is performed when 
the primary logon provider is successfully connected to a 
device, a pseudo-device, or a set of services. 

15. The method of claim 10 wherein the step of deter- 
mining the primary logon provider comprises the substeps 
of: 

displaying a list of logon providers; and 
designating one of the displayed logon providers as the 
primary logon provider. 

16. The method of claim 15 wherein the step of desig- 
nating one of the displayed logon providers is performed in 
response to a user selection of one of the logon providers 
from the displayed list. 

17. A method in a computer system for authenticating 
access to a plurality of resources using a single user 
interface, the computer system having authentication code to 
access system services, the method comprising the 
computer-implemented steps of: 

deterrnining a primary logon provider, the primary logon 
provider for providing access to provider services and 
having a user interface for identifying access informa- 
tion; 

invoking the user interface of the primary logon provider 
when appropriate; 
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identifying access Mormation, the access information 
being collected through the invoked user interface of 
the primary logon provider when appropriate; 

authenticating the identified access information to allow 
access to the provider services; 

authenticating the identified access information to allow 
access to the system services without invoking an 

. additional user interface; 

determining a supplemental logon provider, the supple- 
mental logon provider for providing access to supple- 
mental provider services; and 

authenticating the identified access Mormation to allow 
access to the supplemental provider services without 
invoking an additional user interface. 

18. The method of claim 17 wherein the primary logon 
provider is a network driver and the step of authenticating 
the identified access information to allow access to the 
provider services provides access to a network when the 
authentication is successful 

19. The method of claim 18 wherein the supplemental 
logon provider is a network driver and the step of authen- 
ticating the identified access information to allow access to 
the supplemental provider services provides access to a 
second network when the authentication is successful. 

20. The method of claim 19 wherein the second network 
is a different type of network abiding by a different com- 
munications protocol than the network accessible through 
the provider services of the primary logon provider. 

21. The method of claim 17 wherein the supplemental 
logon provider is a network driver and the step of authen- 
ticating the identified access information to allow access to 
the supplemental provider services provides access to a 
second network when the authentication is successful 

22. A method in a computer system for authenticating 
access to the computer system, the computer system having 
a system defined user interface to identify access informa- 
tion and having authentication code to access system 
services, the method comprising the computer-implemented 
steps of: 

determining a primary logon provider, the primary logon 
provider for providing access to provider services and 
having a user interface for identifying access informa- 
tion; 

deterrnining whether the primary logon provider is suc- 
cessfully connected to a device or pseudo-device for 
which the provider services are provided; 

when it is determined that the primary logon provider is 
successfully connected, 

invoking the user interface of the primary logon pro- 
vider; 

identifying access information through the invoked 

user interface of the primary logon provider; 
authenticating the identified access information to 

allow access to the provider services; and 
authenticating the identified access information to 

allow access to the system services without invoking 

an additional user interface; and 
when it is determined that the primary logon provider is 
not successfully connected, 
invoking the system defined user interface; 
identifying access information through the invoked 

system defined user interface; and 
authenticating the access information identified 

through the system defined user interface to allow 

access to the system services. 

23. A method in a computer system for accessing system 
authentication information stored on a network, the com- 
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puter system having local system logon code to enable 
access to local computer system services, the method com- 
prising the computer-implemented steps of: 
invoking a primary logon provider, the primary logon 
provider providing a user interface for collecting iden- 
tification information and having code for accessing a 
network; 

under control of the primary logon provider, 

invoking the user interface of the primary logon pro- 
vider when needed; 

identifying identification information, the identified 
information either received through the displayed 
user interface or provided without invoking the user 
interface of the primary logon provider; 

authenticating the identified identification information 
for access to the network; and 

indicating the identified identification information to 
the local system logon code; 
invoking the local system logon code; and 
under control of the local system logon code, 

using the indicated identification information to access 
the network; 

retrieving the system authentication information stored 
on the network using the primary logon provider 
code; and 

authenticating the indicated identification information 
for access to the local computer system services 
using the system authentication information 
retrieved from the network. 

24. A computer system for authenticating access to local 
system services comprising: 

means for detennining a primary logon driver, the pri- 
mary logon driver for providing access to driver ser- 
vices and having a user interface for identifying access 
information; 

driver means for invoking the user interface of the deter- 
mined primary logon driver, identifying access 
information, authenticating the identified access infor- 
mation for access to the driver services, and sending the 
authenticated access information; 

system means for authenticating the sent access informa- 
tion for access to the local system services, which 
operates in response to receiving the authenticated 
access information from the driver means and which 
operates without invoking another user interface; and 

logon means for invoking the primary logon driver deter- 
mination means and for invoking the driver means. 

25. The computer system of claim 24 wherein the driver 
means is a network driver that provides access to a network 
when the driver means successfully authenticates the iden- 
tified access information. 

26. The computer system of claim 24. the driver means 
performing the invoking of the user interface when the 
primary logon driver is successfully connected to a device or 
pseudo-device. 

27. A computer system for authenticating access to system 
services comprising: 

means for deterrnining a primary logon driver, the pri- 
mary logon driver for providing access to driver ser- 
vices and having a user interface for identifying access 
information; 

driver means for, when the primary logon driver is suc- 
cessfully connected to a device or pseudo-device, 
invoking the user interface of the determined primary 
logon driver, identifying access information, authenti- 
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eating the identified access information for access to 
the driver services, and sending the authenticated 
access information; 

system means for authenticating the sent access informa- 
tion for access to the system services, which operates in 
response to receiving the authenticated access informa- 
tion from the driver means and which operates without 
invoking another user interface; 

logon means for invoking the primary logon driver deter- 
1 mination means and for invoking the driver means ; and 

an alternate system means for authenticating access infor- 
mation for access to the system services, which is 
invoked by the logon means to operate when the 
primary logon driver is not successfully connected to a 
' device or to a pseudo-device and which invokes a 
system user interface for identifying access information 
and authenticates the access information identified by 
the system user interface in order to provide access to 
the system services. 
1 28. A local computer system comprising: 

a input-output device; 

a primary logon driver associated with a set of driver 
services that provide access to the input-output device 

; that in response to being invoked, invokes a user 
interface when needed to retrieve an identification 
name and password from a user, authenticates the 
retrieved identification name and password for access 
to the driver services, and returns the authentication 

( results; 

a router that, in response to being invoked, invokes the 
primary logon driver and uses the authentication results 
returned by the primary logon driver to authenticate the 
user for access to the local computer system; and 
35 a command sequence that causes the router to be invoked. 

29. The computer system of claim 28 wherein the input- 
output device is a network and the pimary logon driver is 
a network driver that provides access to the network, 
whereby the authentication results returned by the network 

40 driver are used to authenticate access to the local computer 
system. 

30. The computer system of claim 28 wherein the input- 
output device is a storage device that stores a database and 
the primary logon driver is associated with a set of database 

45 services that provide access to the database, and wherein the 
access to the local computer system is to services that are not 
database services. 

31. The computer system of claim 28 wherein the primary 
logon driver is an electronic mail server, and wherein the 

50 access to the local computer system is to services that are not 
electronic mail services. 

32. The computer system of claim 28 wherein the router 
invokes a second user interface that is different than the first 
user interface if the authentication results returned by the 

55 primary logon driver are unsuccessful. 

33. The computer system of claim 28 wherein the primary 
logon driver first determines whether the primary logon 
driver is successfully connected to the input-output device 
and, when it is determined that the driver is not successfully 

60 connected, returns authentication results indicating unsuc- 
cessful authentication, without invoking the user interface. 

34. The computer system of claim 33 wherein the router 
invokes a local system user interface if the authentication 
results returned by the primary logon driver are unsuccess- 

65 fill. 

35. The computer system of claim 28 wherein the router 
uses the returned authentication results without invoking an 
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additional user interface to provide access to the local 43. The distributed computer-readable memory medium 

computer system, of claim 36 wherein the step of determining the primary 

36. A distributed computer-readable memory medium logon driver is performed under the control of a user, 
containing instructions for controlling a computer processor 44. A distributed computer-readable memory medium 
in a computer system network environment to authenticate 5 containing instructions for controlling a computer processor 
access to computing services, the computer system network m a com P utcr system to authenticate access to local system 
environment having a local computer system that can be services, the computer system having system authentication 
connected to multiple heterogeneous networks, the local code to secure access to the local system services, by 
computer system having local authentication code to access performing the steps of: 

local : .computer system services, by performing the steps of: 10 selecting one of a plurality of logon providers as a primary 

determining a primary logon driver, the primary logon lo S on provider, the primary logon provider for provid- 

driver for providing access to a first network and access to provider services and having a user 

having a user interface with components for collecting interface with components for collecting identification 

identification information for the primary logon driver; information; 

invoking the primary logon driver; 15 Evoking the user interface of the primary logon provider 

when needed; 

under control of the primary logon driver, , *„ t * • i • j j • 

w *u • JL r*u * i a • unfax control of the primary logon provider and in 

invoking the user interface of the primary logon driver . . f 

when needed; response to receiving identification information 

. . . » « . r through the user interface components or using pro- 

rn response to receiving identification information nn . . . *u *• • r ... - « 6 

through the user interface components, authenticat- 20 M ^umenUcaUng the 

ing the received identm<mhonMormation to allow receivedor^ 

access to the first network; and access * s& ™*\ indicating the 

indicating the authenticated identification information ^ ved mfarmatl011 10 to s ? st * m authen - 

to the local authentication code; M Ucauon code; and 

i * ^ , , ^ A . ^ . 25 under control of the system authentication code, authen- 

under confrol of the local authenUcation code, authenU- ^ ^ Seated received or ^ identifica _ 

eating die indicated identification information to allow tion Monnation to ^ access t0 &e local mtm 

access to the local computer system services; services 

determining a supplemental logon driver for providing 45. The distributed computer-readable memory medium 

access to a second network; 30 0 f daim 44 wherein the user interface of the primary logon 

invoking the determined supplemental logon driver; and provider is supplied by the primary logon provider thereby 

under control of the invoked supplemental logon driver, enabling replacement of the user interface, 

authenticating previously provided identification infor- 46- Th e distributed computer-readable memory medium 

mation to allow access to the second network. of claim 44 wherein the primary logon provider is a network 

37. The distributed computer-readable memory medium 35 driver and the step of authenticating the received or provided 
of claim 36 wherein the step of authenticating the indicated identification information to allow access to the provider 
identification information to allow access to the local com- services provides access to a network when the authentica- 
puter system services is performed without invoking another ^ on * s successful. 

user interface. 47. The distributed computer-readable memory medium 

38. The distributed computer-readable memory medium 40 of claim 44 wherein the step of authenticating the indicated 
of claim 36 wherein the step of, under control of the primary received or provided identification information to allow 
logon driver, invoking the user interface is only performed access to the local system services includes the substep of 
when the primary logon driver is actively connected to the invoking a second user interface for receiving identification 
first network. information that is different from the first user interface, 

39. The distributed computer-readable memory medium 45 when me ste P authenticating the received or provided 
of claim 36 wherein the step of, under control of the primary identification information to allow access to the provider 
logon driver, invoking the user interface is performed when services is not successful. 

the primary logon driver establishes that it can access 48. The distributed computer-readable memory medium 

resources in order to perform the step of authenticating. of claim 44 wherein the step of authenticating the received 

40. The distributed computer-readable memory medium 50 01 provided identification information to allow access to the 
of claim 36 wherein the step of, under control of the invoked provider services is performed when the primary logon 
supplemental logon driver, authenticating previously pro- provider is successfully connected to a device, a pseudo- 
vided identification information is performed using the device, or a set of services. 

identification information authenticated by the primary 49. The distributed computer-readable memory medium 

logon driver. 55 of claim 44 wherein the step of determining the primary 

41. The distributed computer-readable memory medium logon provider comprises the substeps of: 
of claim 36 wherein the step of, under control of the invoked displaying a list of logon providers; and 
supplemental logon driver, authenticating previously pro- designating one of the displayed logon providers as the 
vided identification information is performed using the primary logon provider. 

identification information authenticated by the local authen- 60 50. The distributed computer-readable memory medium 

tication code. of claim 49 wherein the step of designating one of the 

42. The distributed computer-readable memory medium displayed logon providers is performed in response to a user 
of claim 36 wherein the step of, under control of the invoked selection of one of the logon providers from the displayed 
supplemental logon driver, authenticating previously pro- list 

vided identification information is performed without invok- 65 

ing another user interface. ***** 
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